Index: crypto/openssh/auth-chall.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/auth-chall.c,v
retrieving revision 1.2.2.3
retrieving revision 1.2.2.3.2.1
diff -p -c -r1.2.2.3 -r1.2.2.3.2.1
*** crypto/openssh/auth-chall.c	3 Jul 2002 22:11:41 -0000	1.2.2.3
--- crypto/openssh/auth-chall.c	24 Sep 2003 19:50:39 -0000	1.2.2.3.2.1
*************** verify_response(Authctxt *authctxt, cons
*** 80,82 ****
--- 80,90 ----
  	authctxt->kbdintctxt = NULL;
  	return res ? 0 : 1;
  }
+ void
+ abandon_challenge_response(Authctxt *authctxt)
+ {
+ 	if (authctxt->kbdintctxt != NULL) {
+ 		device->free_ctx(authctxt->kbdintctxt);
+ 		authctxt->kbdintctxt = NULL;
+ 	}
+ }
Index: crypto/openssh/auth.h
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/auth.h,v
retrieving revision 1.1.1.1.2.5
retrieving revision 1.1.1.1.2.5.2.1
diff -p -c -r1.1.1.1.2.5 -r1.1.1.1.2.5.2.1
*** crypto/openssh/auth.h	3 Jul 2002 22:11:41 -0000	1.1.1.1.2.5
--- crypto/openssh/auth.h	24 Sep 2003 19:50:39 -0000	1.1.1.1.2.5.2.1
*************** struct passwd * getpwnamallow(const char
*** 160,165 ****
--- 160,166 ----
  
  char	*get_challenge(Authctxt *);
  int	verify_response(Authctxt *, const char *);
+ void	abandon_challenge_response(Authctxt *);
  
  struct passwd * auth_get_user(void);
  
Index: crypto/openssh/auth1.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/auth1.c,v
retrieving revision 1.3.2.8
retrieving revision 1.3.2.8.2.1
diff -p -c -r1.3.2.8 -r1.3.2.8.2.1
*** crypto/openssh/auth1.c	3 Jul 2002 22:11:41 -0000	1.3.2.8
--- crypto/openssh/auth1.c	24 Sep 2003 19:50:39 -0000	1.3.2.8.2.1
*************** do_authloop(Authctxt *authctxt)
*** 73,79 ****
  	char info[1024];
  	u_int dlen;
  	u_int ulen;
! 	int type = 0;
  	struct passwd *pw = authctxt->pw;
  
  	debug("Attempting authentication for %s%.100s.",
--- 73,79 ----
  	char info[1024];
  	u_int dlen;
  	u_int ulen;
! 	int prev, type = 0;
  	struct passwd *pw = authctxt->pw;
  
  	debug("Attempting authentication for %s%.100s.",
*************** do_authloop(Authctxt *authctxt)
*** 103,109 ****
--- 103,121 ----
  		info[0] = '\0';
  
  		/* Get a packet from the client. */
+ 		prev = type;
  		type = packet_read();
+ 
+ 		/*
+ 		 * If we started challenge-response authentication but the
+ 		 * next packet is not a response to our challenge, release
+ 		 * the resources allocated by get_challenge() (which would
+ 		 * normally have been released by verify_response() had we
+ 		 * received such a response)
+ 		 */
+ 		if (prev == SSH_CMSG_AUTH_TIS &&
+ 		    type != SSH_CMSG_AUTH_TIS_RESPONSE)
+ 			abandon_challenge_response(authctxt);
  
  		/* Process the packet. */
  		switch (type) {
Index: crypto/openssh/auth2-pam-freebsd.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/auth2-pam-freebsd.c,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.2.2.2
diff -p -c -r1.1.2.2 -r1.1.2.2.2.2
*** crypto/openssh/auth2-pam-freebsd.c	17 Jul 2002 17:45:18 -0000	1.1.2.2
--- crypto/openssh/auth2-pam-freebsd.c	24 Sep 2003 19:16:24 -0000	1.1.2.2.2.2
*************** pam_child_conv(int n,
*** 76,83 ****
  	*resp = xmalloc(n * sizeof **resp);
  	buffer_init(&buffer);
  	for (i = 0; i < n; ++i) {
! 		resp[i]->resp_retcode = 0;
! 		resp[i]->resp = NULL;
  		switch (msg[i]->msg_style) {
  		case PAM_PROMPT_ECHO_OFF:
  			buffer_put_cstring(&buffer, msg[i]->msg);
--- 76,83 ----
  	*resp = xmalloc(n * sizeof **resp);
  	buffer_init(&buffer);
  	for (i = 0; i < n; ++i) {
! 		(*resp)[i].resp_retcode = 0;
! 		(*resp)[i].resp = NULL;
  		switch (msg[i]->msg_style) {
  		case PAM_PROMPT_ECHO_OFF:
  			buffer_put_cstring(&buffer, msg[i]->msg);
*************** pam_child_conv(int n,
*** 85,91 ****
  			msg_recv(ctxt->pam_sock, &buffer);
  			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
  				goto fail;
! 			resp[i]->resp = buffer_get_string(&buffer, NULL);
  			break;
  		case PAM_PROMPT_ECHO_ON:
  			buffer_put_cstring(&buffer, msg[i]->msg);
--- 85,91 ----
  			msg_recv(ctxt->pam_sock, &buffer);
  			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
  				goto fail;
! 			(*resp)[i].resp = buffer_get_string(&buffer, NULL);
  			break;
  		case PAM_PROMPT_ECHO_ON:
  			buffer_put_cstring(&buffer, msg[i]->msg);
*************** pam_child_conv(int n,
*** 93,99 ****
  			msg_recv(ctxt->pam_sock, &buffer);
  			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
  				goto fail;
! 			resp[i]->resp = buffer_get_string(&buffer, NULL);
  			break;
  		case PAM_ERROR_MSG:
  			buffer_put_cstring(&buffer, msg[i]->msg);
--- 93,99 ----
  			msg_recv(ctxt->pam_sock, &buffer);
  			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
  				goto fail;
! 			(*resp)[i].resp = buffer_get_string(&buffer, NULL);
  			break;
  		case PAM_ERROR_MSG:
  			buffer_put_cstring(&buffer, msg[i]->msg);
*************** pam_child_conv(int n,
*** 111,118 ****
  	buffer_free(&buffer);
  	return (PAM_SUCCESS);
   fail:
- 	while (i)
- 		xfree(resp[--i]);
  	xfree(*resp);
  	*resp = NULL;
  	buffer_free(&buffer);
--- 111,116 ----
Index: crypto/openssh/ssh_config
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/ssh_config,v
retrieving revision 1.2.2.6
retrieving revision 1.2.2.6.2.1
diff -p -c -r1.2.2.6 -r1.2.2.6.2.1
*** crypto/openssh/ssh_config	25 Jul 2002 16:03:44 -0000	1.2.2.6
--- crypto/openssh/ssh_config	24 Sep 2003 19:51:42 -0000	1.2.2.6.2.1
***************
*** 34,37 ****
  #   Cipher 3des
  #   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
  #   EscapeChar ~
! #   VersionAddendum FreeBSD-20020629
--- 34,37 ----
  #   Cipher 3des
  #   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
  #   EscapeChar ~
! #   VersionAddendum FreeBSD-20030924
Index: crypto/openssh/sshd_config
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v
retrieving revision 1.4.2.10
retrieving revision 1.4.2.10.2.1
diff -p -c -r1.4.2.10 -r1.4.2.10.2.1
*** crypto/openssh/sshd_config	26 Jul 2002 15:18:32 -0000	1.4.2.10
--- crypto/openssh/sshd_config	24 Sep 2003 19:51:42 -0000	1.4.2.10.2.1
***************
*** 14,20 ****
  # Note that some of FreeBSD's defaults differ from OpenBSD's, and
  # FreeBSD has a few additional options.
  
! #VersionAddendum FreeBSD-20020629
  
  #Port 22
  #Protocol 2,1
--- 14,20 ----
  # Note that some of FreeBSD's defaults differ from OpenBSD's, and
  # FreeBSD has a few additional options.
  
! #VersionAddendum FreeBSD-20030924
  
  #Port 22
  #Protocol 2,1
Index: crypto/openssh/version.h
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/version.h,v
retrieving revision 1.1.1.1.2.9.2.2
retrieving revision 1.1.1.1.2.9.2.3
diff -p -c -r1.1.1.1.2.9.2.2 -r1.1.1.1.2.9.2.3
*** crypto/openssh/version.h	17 Sep 2003 14:51:37 -0000	1.1.1.1.2.9.2.2
--- crypto/openssh/version.h	24 Sep 2003 19:51:42 -0000	1.1.1.1.2.9.2.3
***************
*** 5,11 ****
  
  #define SSH_VERSION             (ssh_version_get())
  #define SSH_VERSION_BASE        "OpenSSH_3.4p1"
! #define SSH_VERSION_ADDENDUM    "FreeBSD-20030917"
  
  const char *ssh_version_get(void);
  void ssh_version_set_addendum(const char *add);
--- 5,11 ----
  
  #define SSH_VERSION             (ssh_version_get())
  #define SSH_VERSION_BASE        "OpenSSH_3.4p1"
! #define SSH_VERSION_ADDENDUM    "FreeBSD-20030924"
  
  const char *ssh_version_get(void);
  void ssh_version_set_addendum(const char *add);
